diff --git a/public/src/overrides.js b/public/src/overrides.js index a0ae5af1ad..95288cf038 100644 --- a/public/src/overrides.js +++ b/public/src/overrides.js @@ -123,14 +123,16 @@ if (typeof window !== 'undefined') { $.timeago.settings.allowFuture = true; var userLang = config.userLang.replace('_', '-'); var options = { year: 'numeric', month: 'short', day: 'numeric', hour: 'numeric', minute: 'numeric' }; - var formatFn; - if (typeof Intl === 'undefined') { - formatFn = function (date) { - return date.toLocaleString(userLang, options); - }; - } else { - var dtFormat = new Intl.DateTimeFormat(userLang, options); - formatFn = dtFormat.format; + var formatFn = function (date) { + return date.toLocaleString(userLang, options); + }; + try { + if (typeof Intl !== 'undefined') { + var dtFormat = new Intl.DateTimeFormat(userLang, options); + formatFn = dtFormat.format; + } + } catch (err) { + console.error(err); } var iso; diff --git a/src/controllers/api.js b/src/controllers/api.js index 8bb0a2f7a7..7b9b404de1 100644 --- a/src/controllers/api.js +++ b/src/controllers/api.js @@ -86,8 +86,8 @@ apiController.loadConfig = async function (req) { config.usePagination = settings.usePagination; config.topicsPerPage = settings.topicsPerPage; config.postsPerPage = settings.postsPerPage; - config.userLang = (req.query.lang ? validator.escape(String(req.query.lang)) : null) || settings.userLang || config.defaultLang; - config.acpLang = (req.query.lang ? validator.escape(String(req.query.lang)) : null) || settings.acpLang; + config.userLang = validator.escape(String((req.query.lang ? req.query.lang : null) || settings.userLang || config.defaultLang)); + config.acpLang = validator.escape(String((req.query.lang ? req.query.lang : null) || settings.acpLang)); config.openOutgoingLinksInNewTab = settings.openOutgoingLinksInNewTab; config.topicPostSort = settings.topicPostSort || config.topicPostSort; config.categoryTopicSort = settings.categoryTopicSort || config.categoryTopicSort; diff --git a/src/user/settings.js b/src/user/settings.js index c9223c8cd2..82dde7d493 100644 --- a/src/user/settings.js +++ b/src/user/settings.js @@ -5,6 +5,7 @@ const meta = require('../meta'); const db = require('../database'); const plugins = require('../plugins'); const notifications = require('../notifications'); +const languages = require('../languages'); module.exports = function (User) { User.getSettings = async function (uid) { @@ -87,6 +88,13 @@ module.exports = function (User) { throw new Error('[[error:invalid-pagination-value, 2, ' + maxTopicsPerPage + ']]'); } + const languageCodes = await languages.listCodes(); + if (data.userLang && !languageCodes.includes(data.userLang)) { + throw new Error('[[error:invalid-language]]'); + } + if (data.acpLang && !languageCodes.includes(data.acpLang)) { + throw new Error('[[error:invalid-language]]'); + } data.userLang = data.userLang || meta.config.defaultLang; plugins.fireHook('action:user.saveSettings', { uid: uid, settings: data }); diff --git a/test/user.js b/test/user.js index 738d421694..2faf71fb70 100644 --- a/test/user.js +++ b/test/user.js @@ -1550,6 +1550,21 @@ describe('User', function () { }); }); + it('should error if language is invalid', function (done) { + var data = { + uid: testUid, + settings: { + userLang: '', + topicsPerPage: '10', + postsPerPage: '5', + }, + }; + socketUser.saveSettings({ uid: testUid }, data, function (err) { + assert.equal(err.message, '[[error:invalid-language]]'); + done(); + }); + }); + it('should set moderation note', function (done) { var adminUid; async.waterfall([